/ ^Lf~ What is claimed is: 
An integrated circuit card for use with, 



terminal , comprising : 

a communicator configured to^j3<5mmunicate with 
the terminal ; 

a memory storing: 

an application having a high level 
programming language format, and 

interpreter; and 
Jrocessor coupled to the memory, the 
processor^nf igured to use the interpreter to interpret the 
application for execution and to use the communicator to 
comrimnicate with the terminal 



2. The integrated circuit card of claim 1, wherein 
the high level programming language format comprises a class 
file format . 



3. The integrated circuit card of claim 1 wherein 
the processor comprises a microcontroller. 

4 . The integrated circuit card of claim 1 wherein 
at least a portion of the memory is located in the 
processor. 

5. The integrated circuit card of claim 1 wherein 
the high level programming language format comprises a Java 
programming language format . 



— _ ^6. The integrated circuit^ax^^ 

the applicatjUHa--ha^been processed from a 
second applica^i^rrTiaving a string of characters, and 

the string of characters is represented in the 
application by an identifier. 

7. The integrated circuit card of claim 6, wherein 
the identifier comprises an integer. 

8 . The integrated circuit card of claim 1 wherein 
the processor is further configured to: 

receive a request from a requester to access an 
element of the card; 

after receipt of the request, interact with the 
requester to authenticate an identity of the requester; and 

based on the identity, selectively grant access 
to the element . 

9. The integrated circuit card of claim 8, wherein 
the requester comprises the processor. 

10. The integrated circuit card of claim 8, wherein 
the requester comprises the terminal. 

11. The integrated circuit card of claim 8, wherein 
the element comprises the application stored in 

the memory, and 

once access is allowed, the requester is 
configured to use the application. 



12. The integrated circuit card of claim 8, wherein 
the element comprises another application 
stored in the memory. 



13. The integrated circuit card of claim 8, wherein 
the element includes data stored in the memory. 

14 . The integrated circuit card of claim 8 wherein 
the element comprises the communicator. 

15. The integrated circuit card of claim 8, wherein 
the memory also stores an access control list for the 
element, the access control list furnishing an indication of 
types of access to be granted to the identity, the processor 
further configured to: 

based on the access control list, selectively 
grant specific types of access to the requester. 

16. The integrated circuit card of claim 15 wherein 
the types of access include reading data. 

17. The integrated circuit card of claim 15 wherein 
the types of access include writing data. 

18 . The integrated circuit card of claim 15 wherein 
the types of access include appending data. 

19. The integrated circuit card of claim 15 wherein 
the types of access include creating data. 

20. The integrated circuit card of claim 15 wherein 
the types of access include deleting data. 



21. The integrated circuit card of claim 15 wherein 
the types of access include executing an application. 



22. The integrated circuit card of claim 1, wherein 
the application is one of a plurality of applications stored 
in the memory, the processor is further configured to: 

receive a request from a requester to access 
one of the plurality of applications; 

after receipt of the request, determine whether 
said one of the plurality of applications complies with a 
predetermined set of rules; and 

based on the determination, selectively grant 
access to the requester to said one of the plurality of 
applications . 

23. The integrated circuit card of claim 22, 
wherein the predetermined rules provide a guide for 
determining whether said one of the plurality of 
applications accesses a predetermined region of the memory. 

24. The integrated circuit card of claim 22, 
wherein the processor is further configured to: 

authenticate an identity of the requester; and 
grant access to said one of the plurality of 
applications based on the identity. 

25. The integrated circuit card of claim 1, wherein 
the processor is further configured to: 

interact with the terminal via the communicator 
to authenticate an identity; and 

determine if the identity has been 
authenticated; and 

based on the determination, selectively allow 
communication between the terminal and the integrated 
circuit card. 
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26. The integrated circuit card of claim 25, 



wherein the communicator and the terminal communicate via 
communication channels, the processor further configured to 
assign one of the communication channels to the identity 
5 when the processor allows the communication between the 
terminal and the integrated circuit card. 

27. The integrated circuit card of claim 26, 
wherein the processor is further configured to: 

assign a session key to said one of the 
10 communication channels, and 

use the session key when the processor and the 
terminal communicate via said one of the communication 
channels . 

28. The integrated circuit card of claim 1, wherein 
15 the terminal has a card reader and the communicator 

comprises a contact for communicating with the card reader. 



20 




30. The integrated circuit card of claim 1, wherein 



the terminal has a wireless communication device and the 
communicator comprises a wireless transmitter for 
communicating with the wireless communication device. 
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S>^^ & V 3i, a method for use with an integrated c: 
card and a terminal, comprising: 

storing an interpreter ar^d-^n application 
having a high level programmir^^Tanguage format in a memory 
5 of the integrated circuij^card; and 

using a^rocessor of the integrated circuit 
card to use th^^mterpreter to interpret the application for 
executionjXand 

using a communicator of the card when 
10 gefmmunicating between the processor and the terminal. 



32. The method of claim 31, wherein the high level 
programming language format comprises a class file format. 

33. The method of claim 31, wherein the processor 
comprises a microcontroller. 

15 34. The method of claim 31, wherein at least a 

portion of the memory is located in the processor. 



35. The method of claim 31, wherein the high level 
programming language format comprises a Java programming 
language format . 




20 36. The method of claim 1, wherein 

the application has been processed, 
second application having a^st^^ng~""oE^^ further 

comprising : ^ 

^ — -"representing the string of characters in the 
25 i^fst application by an identifier. 



37. The method of claim 36, wherein the identifier 
includes an integer. 
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38. The method of claim 31, further comprising: 
receiving a request from a requester to access 

an element of the card; 

after receipt of the request, interacting with 
the requester to authenticate an identity of the requester; 
and 

based on the identity, selectively granting 
access to the element . 

39. The method of claim 38, wherein the requester 
comprises the processor. 

40. The method of claim 38, wherein the requester 
comprises the terminal. 

41. The method of claim 38, wherein the element 
comprises the application stored in the memory, further 
comprising : 

once access is allowed, using the application 
with the requester. 

42. The method of claim 38, wherein the element 
comprises another application stored in the memory. 

43. The method of claim 38, wherein the element 
includes data stored in the memory. 

44. The method of claim 38, wherein the element 
comprises the communicator. 



45. The method of claim 38 , wherein the memory also 
stores an access control list for the element, the access 
control list furnishing an indication of types of access to 
be granted to the identity, further comprising: 

based on the access control list, using the 
processor to selectively grant specific types of access to 
the requester. 

46. The method of claim 45, wherein the types of 
access include reading data. 

47. The method of claim 45, wherein the types of 
access include writing data. 



48. The method of claim 45, wherein the types of 
access include appending data. 

49. The method of claim 45, wherein the types of 
access include creating data. 



50. The method of claim 45, wherein the types of 
access include deleting data. 

51. The method of claim 45, wherein the types of 
access including executing an application. 
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52. The method of claim 31, wherein the application 
is one of a plurality of applications stored in the memory, 
further comprising: 

receiving a request from a requester to access one 
of the applications stored in the memory; 

upon receipt of the request, determining whether 
said one of the plurality of applications complies with a 
predetermined set of rules; and 

based on the determining, selectively granting 
access to the said one of the plurality of applications. 

53. The method of claim 52, wherein the 
predetermined rules provide a guide for determining whether 
said one of the plurality of applications accesses a 
predetermined region of the memory. 

54. The method of claim 52, further comprising: 
authenticating an indent ity of the requester; and 
based on the indentity, granting access to said one 

of the plurality of applications. 

55. The method of claim 31, further comprising: 
communicating with the terminal to authenticate 

an identity; 

determining if the identity has been 
authenticated; and 

based on the determining, selectively allowing 
communication between the terminal and the integrated 
circuit card. 
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56. The method of claim 55, further comprising: 
communicating between the terminal and the 

processor via communication channels; and 

assigning one of the communication channels to 
the identity when the allowing allows communication between 
the card reader and the integrated circuit card. 

57. The method of claim 56, further comprising: 
assigning a session key to said one of the 

communication channels; and 

using the session key when the processor and 
the terminal communicate via said one of the communication 
channels . 
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A smart card comprising: 

a memory storinq ^Java^ljiEerpreter ; and 
a prpGes'Sor" configured to use the interpreter 
a Java application for execution. 




59, 



A microcontroller comprising: 
a semiconductor substrate; 
a memory located in the substrate; 
a programming language interpreter stored in 
the memory and configured to implement Security checks; and 

a central processing uni£ located in the 
substrate and coupled to the memory^ 



a tss! 
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60. The microcontroller/ of claim 59, wherein the 
interpreter comprises a Java byte code interpreter. 



61 



The micro<^ont] 



15 security checks compri 



)ller of claim 59 , wherein the 
stablishing firewalls. 



The microcontroller of claim 59 , wherein the 

7 



62 

security checks comprise Enforcing a sandbox security model 



/ 

63. A smart card comprising: 
^memory; 



the memo 



memory. 



64 



y a programming language interpreter stored in 
and configured to implement security checks; and 
a central processing unit coupled to the 



The smart card of claim 63 , wherein the 



25 interpreter comprises a Java byte code interpreter, 
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65. The smart card of claim 63, wherein the 
security checks comprise establishing firewalls. 

66. The smart card of claim 63, where in/ the 
security checks comprise enforcing a sandbox security model 



CO; 



5 67. An integrated circuit card for/use with a 

terminal , comprising : 

a communicator; 

a memory storing an interpreter and first 
instructions of a first application, the first instructions 
10 having been converted from second instructions of a second 
application; and 

a processor coupled to the memory and 
configured to use the interpreter to execute the first 
instructions and to communicatee )with the terminal via the 
15 communicator. 



m 



s - 

m 



68. The integrated circuit card of claim 67, 
wherein the first application has a class file format. 

69. The int^Kjrated circuit card of claim 67, 
wherein the second/application has a class file format, 



20 70. The/integrated circuit card of claim 67, 

wherein the first instructions comprise byte codes. 

71. /The integrated circuit card of claim 67, 
wherein th£ second instructions comprise byte codes. 



25 where: 



f2 . The integrated circuit card of claim 67, 
the first instructions comprise Java byte codes, 
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73. The integrated circuit card of claim 67 , 
wherein the second instructions comprise Java byte codes, 

74. The integrated circuit card of claim/67, 
wherein the first instructions comprise generalized versions 
of the second instructions. 

75. The integrated circuit card of y£laim 67, 
wherein the first instructions comprise renumbered versions 
of the second instructions 

76. The integrated circuit cafid. of claim 67, 

wherein 

the second instructions inqlude constant references, 

and 

the first instruction^ ijicUude constants that 
replace the constant refereno^of the second instructions. 

77. The integratect^o^rcuij. card of claim 67, 

wherein 

the second instructions include references, the 
references shifting location during the conversion of the 
second instructions vo the first instructions, and 

the first instructions are relinked to the 
references after zhe shifting. 

78. Tjzfe integrated circuit card of claim 67, 

wherein 

the/first instructions comprise byte codes for a 
first type of virtual machine, and 

:he second instructions comprise byte codes for a 
second/type of virtual machine, the first type being 
different from the second type. 
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79. A method for use with an integrated circuity 
card, comprising: 

converting second instructions of a secorid 
application to first instructions of a first application; 
5 storing the first instructions in a rpfemory of 

the integrated circuit card; and 

using an interpreter of the integrated circuit 
card to execute the first instructions, 

80. The method of claim 79, wherein the first 
10 application has a class file format 

81. The method of claim 79/ wherein the second 
application has a class file format, 



is. 



Hi; 



82. The method of clapn^?$, wherein the first 
instructions comprise^b^te erodes. 

15 83. The method at claim 79, wherein the second 

instructions comprise Jsyte codes. 

84. The method of claim 79, wherein the first 
instructions comprise Java byte codes. 



85. T?he method of claim 79, wherein the second 
20 instruction^ comprise Java byte codes. 



V 6 . The method of claim 79, wherein the first 
instructions are generalized versions of the second 
instructions . 
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87. The method of claim 79, wherein the converting 
includes renumbering the second instructions to form £x£st 
instructions . 



88. The method of claim 79, whereip^the second 
instructions include constant ref erence^p'f and 

the converting includes replacing the constant 



references of the second int 



tons with constants, 



89. The method oflU^^i/n 79 # wherein the second 
instructions include re^rjencesV and the converting includes 
shifting location of7^he_refereijces, further comprising: 

relinking ytfne first instructions to the references 
after the converting. 

9JSf. The method of claim 79, wherein 
'the first instructions comprise byte codes for a 
type of virtual machine, and 
the second instructions comprise byte codes for a 
second type of virtual machine, the first type being 
different from the second type. 
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91. An integrated circuit for use with a terminal 
comprising: 

a communicator configured to communicate with the 
terminal ; 

a memory storing a first application that has been 
processed from a second ap^Li€ation having a string of 
characters, the stringx^f characters being represented in 
the first application by an identifier; and 

a^processor coupled to the memory, the 
processor^onf igured to use the interpreter to interpret the 
f irst/cipplication for execution and to use the communicator 
to/communicate with the terminal . 



20 



92. The integrated circuit card of claim 91, 
wherein the identifier comprises an integer. 




A method for use with an integrated circv 
card and a terminal comprising; 

processing a second application to^reate a first 
application, the second applicatiqp^Kaving a string of 
characters; 

representing the^e^rinq of characters of the first 
application by an iptentifier in the second application; 

storina^n interpreter and the first application in 
a memory of/€he integrated circuit card; and 

sing a processor of the integrated circuit card to 
use a& interpreter to interpret the first application for 
execution . 



94. The method of claim 93, wherein the indentifier 
includes an integer. 
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A microcontroller comprising; 
a memory storing: 

an application having 



file format, 



and 




processor 



an int^j^feter; and 
a prope^sor coupled to the memory, the 

Lgured to use the interpreter to interpret the 



appl. 



;ion for execution 



The microcontroller of claim further 

10 comprising: 

a communicator configured to communicate with a 
terminal . 



J9rf. The microcontroller of claim wherein the 
terminal has a card reader and the communicator comprises a 
15 contact for communicating with the card reader. 



X98 



microcontroll 




20 



3ra±nr^5, wnerein~1rhg~ 
terminal has ^-w±r€less communication device and the 
comnuinrrctor a wireless transceiver for communicating with 
the wireless communication device. 

2%. The microcontroller of claim >6*, wherein the 
terminal has a wireless communication device and the 
communicator comprises a wireless transmitter for 
communicating with the wireless communication device. 



25 



14KT . The microcontroller of claim wherein the 
class file format comprises a Java class file format. 
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101. A method for use with an integrated circi 
card, comprising: 

storing a first application in a memoppf of the 
integrated circuit card; 

storing a second appl^rc^tiqji^rn the memory of the 
integrated circuit card; 

creating a firewal^that isolates the first and 
second applications s^J^thafe^tlie^econd application cannot 
access either thp^rirst application or data associated with 
the first application. 



102. The method of clainy^Ol, wherein the first and 
second applications comprise Java byte codes. 



103. The method of claim 100, wherein the creat: 
includes using a Java interpreter. 



15 104. The method of claim :U)>rwherein 

the storing of the fjjf&t application is performed in 
association with manujacfure of the integrated circuit card; 
and 

th^^toring of the second application is performed 
20 at a^r£ter time after the manufacture is completed. 
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105. An integrated circuit card for use with a/ 
terminal, comprising: 

a communicator configured to communicate with 
the terminal; 



applications, eafch application having a 
high level programming language format, and 

an interpreter; and 
a procespt^r coupled to the memory, the 
10 processor configured to: 

/ a.) use the interpreter to interpret the 
applications/for execution, 

/ b.) use the interpreter to create a 

firewall to isolate the applications from each other, and 
15 X c.) use the communicator to communicate 

wich the terminal . 
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